Cisco PIX

Gordon Macpherson gordonm at BASE4.COM
Tue Apr 25 10:27:57 EDT 2000


I've worked with the PIX for a few years now, working with software
from version 3.x up to 4.x.  I can't speak to the latest software
release, 5.x.

For an "appliance" it's all right.  I wouldn't want to manage 50 of
them, but managing a few isn't too much of a chore.  If you have
simple requirements, then setting up a PIX is very straightforward,
and they tend to pretty much run without a problem.  I've had some
frustrations in the past doing a few more complex things with them
though.

Management has been a bit of an issue.  I understand there is some
kind of management application that runs on NT, but I haven't used
this. I also believe Cisco now has some kind of enterprise-level
solution for managing large numbers (they'd better).  Only recently
Cisco introduced the ability to load configurations via tftp (instead
of writing to tftp only).  This made my day - tracking config
changes/reverting to previous revisions of configs became much
simpler.

Documentation has improved considerably over time - if anyone from
Cisco is reading this - thanks! Originally, it was quite poor.  There
are still some gaps - particularly with regard to authentication and
authorization (if anyone from Cisco is reading this - examples are
good!) but hey - you can always turn on debugging where appropriate.

Logging with a PIX could be more flexible - it's a little sparse
compared to some other solutions.  To be fair, I'm not running the
latest code - I think they have made improvements in version 5.

Which brings me to the last point - make sure you're running an
appropriate version of the software.  There is one outstanding issue
with regard to ftp - check out Cisco's web site.

-

Gord.
